Assign a responsible member to manage group membership

Moderators: mandville, PhilD, General Support Moderators

Post Reply
AustinGrey
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Jun 22, 2018 4:12 pm

Assign a responsible member to manage group membership

Post by AustinGrey » Fri Jun 29, 2018 9:58 pm

Hi everyone, I'm working on my first Joomla website to replace an old system. In that system there was a very basic user management section, where I could define groups and users, and say if a user belonged to a group. There was another important feature - I could also assign a user (not necessarily in the group) to be responsible for the group membership. But these users are typically end-users who shouldn't have access to the Joomla back end, or be able to see membership of any other group but the ones that they manage.

Is there a way to set this up in the ACL, and if so are there any guides to point me in the right direction? Any help would be appreciated.

I tried looking up User Group Ownership Joomla, but that's littered with UNIX file permissions topics, and it seems that there are enough other topics on ACL that it clutters the results any other way I go looking, so I apologize but I haven't really found much in the way of other solutions to try yet.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 34753
Joined: Sat Apr 05, 2008 9:58 pm

Re: Assign a responsible member to manage group membership

Post by Webdongle » Fri Jun 29, 2018 11:44 pm

In Global config you can set a user group to sign in admin but leave 'Access Administration Interface ' Inherited Not Allowed.
Then in Users >>> Options Allow 'Access Administration Interface ' and Create and Edit own.

Users in that Group can then login to /administrator and only see the Users menu. They will be able to Create Users, User Groups, users viewing access levels etc. And only edit the ones that they create. But they will be able to set that user to any user group.

You will need to trust your users to stick to creating/editing users for the user group you tell them.

AustinGrey
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Jun 22, 2018 4:12 pm

Re: Assign a responsible member to manage group membership

Post by AustinGrey » Tue Jul 03, 2018 8:20 pm

Thank you very much for your response. Although it isn't exactly what we need it seems to be a safer bet than creating our own user management component right now. I will definitely give it a shot!

If that doesn't work, and if you have time to answer another question, is there anything stopping us from looking into editing the values in the Joomla user, usergroups, viewlevels, etc tables ourselves in a house made component? We're intermediate PHP devs, so if it's not an expected use case/dangerous I can see that not being an option to take.

User avatar
Per Yngve Berg
Joomla! Master
Joomla! Master
Posts: 24623
Joined: Mon Oct 27, 2008 9:27 pm
Location: Akershus, Norway

Re: Assign a responsible member to manage group membership

Post by Per Yngve Berg » Tue Jul 03, 2018 8:55 pm

I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.

It will solve the OP's issues. It requires replacing two plugins (Joomla User and Joomla Authentication)

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5356
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Assign a responsible member to manage group membership

Post by sozzled » Tue Jul 03, 2018 9:22 pm

Per Yngve Berg wrote:I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.
Perhaps this is my misunderstanding from the translation.

I am not aware of the "Joomla Category System". Perhaps we are talking about User Groups (i.e. ACLs)? It would also help if we might see where this suggestion was previously made with a URL link. In any case, while the brief information may be on topic, I think it would help if there was a more comprehensive explanation than simply stating how the "Joomla Category System"—I don't understand what that means—will address the problem.
Per Yngve Berg wrote:It will solve the OP's issues. It requires replacing two plugins (Joomla User and Joomla Authentication)
Again, it may help to know what these two plugins should be replaced with.

Thanks. Looking forward to more information on this subject that may be of interest to many site administrators who need this level of granularity for administering users. :)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 34753
Joined: Sat Apr 05, 2008 9:58 pm

Re: Assign a responsible member to manage group membership

Post by Webdongle » Tue Jul 03, 2018 9:38 pm

sozzled wrote:
Per Yngve Berg wrote:I have previously suggested that the Joomla Category System is implemented in User Manager. By putting the users into categories, managers can be set to the categories so only users in a given category is allowed to be changed.
...
I think he means that Users can be allocated to categories. i.e. By default can view all categories their user group has access for. But (by editing values in the user add/edit screen) can be restricted to specific categories. That way when the user group (they are in) is given Create and edit access ... they can only Create/edit users in categories they are assige to not all the categories that their User Group has access to.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5356
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Assign a responsible member to manage group membership

Post by sozzled » Tue Jul 03, 2018 9:56 pm

Thanks, @Webdongle, but I'm not sure it answers my question and I'm not sure if it answers the OP's question.

I understand about associating users with article categories (so that authors, editors and publishers are able manage website content). However, the subject of this topic and the OP's first post, is also a little unclear. Perhaps I've misunderstood the original question.

My understanding of the question was about how a site owner could delegate to another person or persons the task of recruiting, registering and therafter managing subsets of the total user membership. For example, suppose you had a club that comprised "management", lawn bowls, tennis, darts, sewing, etc. Let's say you wanted to delegate some of the members to be responsible for allocating members to the "management" team, to allocate members to the lawn bowls membership, to the darts members, etc. I think that was the kind of thing implied in the original question.

I addition to giving people delegated powers to manage subsets of the entire user population, there is also the matter of allocating the privileges necessary to allow members of those subsets to be able to work with content used by those subsets if you follow my meaning.

The part that I don't understand is the part I inferred in the area of delegation of powers over the Joomla User Manager feature or with various parts of it.
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?

AustinGrey
Joomla! Apprentice
Joomla! Apprentice
Posts: 5
Joined: Fri Jun 22, 2018 4:12 pm

Re: Assign a responsible member to manage group membership

Post by AustinGrey » Tue Jul 03, 2018 10:23 pm

Hi @sozzled, I'm just confirming that your example is correct, thanks for your help. I am envisioning a system where one User Group is set to be in charge of managing who belongs to another User Group. For a more business oriented example, you might have an HR department in charge of hiring, and a Publishers team that has access to a publishers only component page. The people in the HR group should be the only ones allowed to give a new publisher access to that publishers group - which gives them access to that component.

User avatar
Webdongle
Joomla! Master
Joomla! Master
Posts: 34753
Joined: Sat Apr 05, 2008 9:58 pm

Re: Assign a responsible member to manage group membership

Post by Webdongle » Tue Jul 03, 2018 11:03 pm

Although User Group Create edit etc Permissions can be can be set per categories (and Articles) ... the Users Create edit etc Permissions can not. If you give a User Group Create/edit Permissions in User Options then they can Create/edit users and assign them to any User Group.

User avatar
sozzled
Joomla! Champion
Joomla! Champion
Posts: 5356
Joined: Sun Jul 05, 2009 3:30 am
Location: Canberra, Australia
Contact:

Re: Assign a responsible member to manage group membership

Post by sozzled » Tue Jul 03, 2018 11:10 pm

Ah, I think I've found the source of my misunderstanding. Thanks, @AustinGrey, for confirming the question.

I probably took @Per's reply too literally:
Per Yngve Berg wrote:I have previously suggested that the Joomla Category System is implemented in User Manager.
I suspect that the true meaning, if I rewrite it, is this:

"Some time ago I made a suggestion to the Joomla community for the User Manager facility to incorporate a 'user category system'. By putting users into categories, managers can be assigned to the categories so that they have control over only those users within those categories.

"This feature does not currently exist in Joomla. I believe that it would require rewriting two plugins."

Perhaps that addresses your question? I think @Webdongle's reply immediately after the original post in this topic is probably the best answer you'll get. As he stated, it involves an element of trusting your delegated users to use their privileges responsibly but it's also comforting to know that, as a superuser, you have to means to fix up their mistakes (if they should make any).

Yep, I think it would a real bonus if a future version of Joomla incorporated the facility as I understand that @Per outlined it. Cheers. :)
https://www.kuneze.com/blog
Former member of Kunena project team
If you think I’m wrong then say “I think you're wrong.” If you say “You’re wrong!”, how do you know?


Post Reply

Return to “Access Control List (ACL) in Joomla! 3.x”